diff --git a/backend/main.py b/backend/main.py
index 78c5666..8f43ffe 100644
--- a/backend/main.py
+++ b/backend/main.py
@@ -477,6 +477,8 @@ def business_apply(body: dict, user=Depends(get_current_user)):
         "INSERT INTO notifications (target_role, title, body) VALUES (?, ?, ?)",
         ("admin", "🏢 商业认证申请", f"{who} 申请商业用户认证，商户名：{business_name}")
     )
+    log_audit(conn, user["id"], "business_apply", "user", user["id"], who,
+              json.dumps({"business_name": business_name}))
     conn.commit()
     conn.close()
     return {"ok": True}
@@ -518,13 +520,15 @@ def approve_business(app_id: int, user=Depends(require_role("admin"))):
         raise HTTPException(404, "申请不存在")
     conn.execute("UPDATE business_applications SET status = 'approved', reviewed_at = datetime('now') WHERE id = ?", (app_id,))
     conn.execute("UPDATE users SET business_verified = 1 WHERE id = ?", (app["user_id"],))
-    # Notify user
-    target = conn.execute("SELECT role FROM users WHERE id = ?", (app["user_id"],)).fetchone()
+    target = conn.execute("SELECT role, display_name, username FROM users WHERE id = ?", (app["user_id"],)).fetchone()
+    target_name = (target["display_name"] or target["username"]) if target else "unknown"
     if target:
         conn.execute(
             "INSERT INTO notifications (target_role, title, body, target_user_id) VALUES (?, ?, ?, ?)",
             (target["role"], "🎉 商业认证通过", "恭喜！你的商业用户认证已通过，现在可以使用项目核算等商业功能。", app["user_id"])
         )
+    log_audit(conn, user["id"], "approve_business", "user", app["user_id"], target_name,
+              json.dumps({"business_name": app["business_name"]}))
     conn.commit()
     conn.close()
     return {"ok": True}
@@ -539,7 +543,8 @@ def reject_business(app_id: int, body: dict = None, user=Depends(require_role("a
         raise HTTPException(404, "申请不存在")
     reason = (body or {}).get("reason", "").strip()
     conn.execute("UPDATE business_applications SET status = 'rejected', reviewed_at = datetime('now'), reject_reason = ? WHERE id = ?", (reason, app_id))
-    target = conn.execute("SELECT role FROM users WHERE id = ?", (app["user_id"],)).fetchone()
+    target = conn.execute("SELECT role, display_name, username FROM users WHERE id = ?", (app["user_id"],)).fetchone()
+    target_name = (target["display_name"] or target["username"]) if target else "unknown"
     if target:
         msg = "你的商业用户认证申请未通过。"
         if reason:
@@ -549,6 +554,8 @@ def reject_business(app_id: int, body: dict = None, user=Depends(require_role("a
             "INSERT INTO notifications (target_role, title, body, target_user_id) VALUES (?, ?, ?, ?)",
             (target["role"], "商业认证未通过", msg, app["user_id"])
         )
+    log_audit(conn, user["id"], "reject_business", "user", app["user_id"], target_name,
+              json.dumps({"reason": reason}))
     conn.commit()
     conn.close()
     return {"ok": True}
@@ -619,11 +626,13 @@ def grant_business(user_id: int, user=Depends(require_role("admin"))):
     conn = get_db()
     conn.execute("UPDATE users SET business_verified = 1 WHERE id = ?", (user_id,))
     target = conn.execute("SELECT role, display_name, username FROM users WHERE id = ?", (user_id,)).fetchone()
+    target_name = (target["display_name"] or target["username"]) if target else "unknown"
     if target:
         conn.execute(
             "INSERT INTO notifications (target_role, title, body, target_user_id) VALUES (?, ?, ?, ?)",
             (target["role"], "🎉 商业认证已开通", "管理员已为你开通商业用户认证，现在可以使用商业核算等功能。", user_id)
         )
+    log_audit(conn, user["id"], "grant_business", "user", user_id, target_name, None)
     conn.commit()
     conn.close()
     return {"ok": True}
@@ -644,6 +653,9 @@ def revoke_business(user_id: int, body: dict = None, user=Depends(require_role("
             "INSERT INTO notifications (target_role, title, body, target_user_id) VALUES (?, ?, ?, ?)",
             (target["role"], "商业资格已取消", msg, user_id)
         )
+    target_name = (target["display_name"] or target["username"]) if target else "unknown"
+    log_audit(conn, user["id"], "revoke_business", "user", user_id, target_name,
+              json.dumps({"reason": reason}) if reason else None)
     conn.commit()
     conn.close()
     return {"ok": True}
diff --git a/frontend/src/views/AuditLog.vue b/frontend/src/views/AuditLog.vue
index bc1050a..0d98051 100644
--- a/frontend/src/views/AuditLog.vue
+++ b/frontend/src/views/AuditLog.vue
@@ -91,6 +91,11 @@ const ACTION_MAP = {
   update_user: '修改用户',
   delete_user: '删除用户',
   undo_delete_user: '恢复用户',
+  business_apply: '申请商业认证',
+  approve_business: '通过商业认证',
+  reject_business: '拒绝商业认证',
+  grant_business: '开通商业认证',
+  revoke_business: '撤销商业认证',
 }
 
 const actionTypes = [
@@ -99,6 +104,7 @@ const actionTypes = [
   { value: 'user', label: '用户' },
   { value: 'tag', label: '标签' },
   { value: 'adopt', label: '审核' },
+  { value: 'business', label: '商业认证' },
 ]
 
 const targetTypes = [